Passwords, Passwords, Passwords

Your bank requires you to keep a PIN for your savings card and your credit card, you’ve got passwords for your computer, your emails, your Facebook account and every other internet based service you use.

And if you’re like a lot of people, these passwords often appear in multiple places.

Did you hear that Adobe got hacked? No? 150 million user accounts were stolen from Adobe’s on-line services in early October 2013, including passwords and credit card details. Whilst the data was “encrypted”, it was encrypted using a system that was able to be easily reversed.

A colleague of mine found an $800 charge on his card for a flight on Qatar Air within 24 hours of the hack, and another for $1500 shortly after!

What’s a guess some of those 150 million users shared the same password with Adobe that they did with other on-line services?

So how do you become “secure” in the digital world, without either owning an identic memory, or going bonkers trying to remember every password?

There’s a number of useful tools I’ve come across which have been an absolute Godsend in helping not only myself, but my staff, my family and my clients, be more secure with their passwords.

For a free piece of software, KeePass is extraordinary. KeePass is available as a free download for your PC or Mac, and a number of compatible variants have been released for your choice of iPhone or Android smart phone.

KeePass allows you to create and store complex passwords for anything you want. It can help you generate secure, 12 character passwords using whatever combination of lowercase letters, uppercase letters, numbers and special characters.

KeePass stores all your passwords in a simple file, which is password protected. The only tricky thing is remembering your master password!

To make KeePass truly effective, I store my KeePass database file on DropBox and have KeePassDroid (Android based KeePass) configured to open the file from my DropBox account on my Android smart phone and tablets.

This way I can access my passwords anywhere, at any time, on any device, and keep them all in sync! And it’s totally free!

LastPass is primarily a storage facility for web based passwords. Whilst the service is not free, it costs around USD$20 per user per year.

We use the Enterprise version of LastPass in our office as it allows me to provide new employees with a LastPass account, and then share with them passwords for web based services.

The beauty of LastPass is that I can share a password with an individual, without actually letting them see the password! LastPass installs small pieces of software which work with the users Internet browser to automatically input the username and password into the dialogue boxes when needed.

If an employee leaves for whatever reason, I simply revoke their access to LastPass and they lose access to those systems.

In an environment where we have hundreds (if not thousands) of different web related systems my team and I use on a daily basis, keeping unique passwords for every system can be difficult.

Every time we create an account for a new system LastPass provides us the option of creating a complex password and storing it. If we log into a system where we are using the same or similar password to another website, LastPass warns us and suggests we make it unique.

Wouldn’t it be awesome if we could carry around a small device that stored all our passwords on it, in encrypted format, that didn’t require us to have yet another password to access it?

MyIDKey is designed to be just that. At just larger than a USB key, the MyIDKey is a portable password storage device that uses your fingerprint (biometrics) to authorise access, allows you to ‘speak’ to it to request passwords, and can synchronise it’s database with a cloud service, which allows you to then manage your password database through your PC and Mac.

And if that wasn’t all, the device will self-destruct if too many attempts are made at accessing the device! What could be more amazing than this?

At USD$249 a pop, these devices aren’t cheap, however when you consider what it could cost you to have your passwords compromised, it’s really a drop in the ocean.

How do you manage your passwords? Have any questions regarding passwords and computer security in general. Feel free to drop me a line.